Security and trust at Phantom Browser.
How we protect your data, credentials, and sessions. Phantom Browser is built on a managed infrastructure model in which security is our responsibility, not yours.
Managed AI infrastructure
We operate the AI infrastructure. You never need to configure model access, manage credentials for a model provider, or wire up your own backend. There is nothing for you to install beyond the app itself. Traffic to and from the AI runs over TLS to our cloud servers in well-known regions.
What stays on your device
Browser session data, cookies, local logins, downloaded files, and anything you mark private in memory. These never leave your machine.
What we process in the cloud
Task instructions, the page snapshots and DOM excerpts the agent needs to reason, and the agent's planning steps. Retention windows are configurable in account settings.
Permission model
Approval gates cover purchases, payments, sending messages, deletions, downloads, logins, and file system access outside a working directory. Per-site allow and deny lists give you granular control.
Prompt-injection defense
The agent treats page content as untrusted data, never as instruction. Action grounding requires each action to match the user's task, not text found on the page. Cross-site instruction isolation means a page on one domain cannot redirect a task targeted at another domain.
Credentials
Credentials are stored in the OS keychain or platform-equivalent secure storage and are never sent to the cloud in plaintext. The agent fills credentials at the page level; the cloud sees only that a login was completed, not the values.
Data handling
Encryption in transit (TLS 1.2+) and at rest. Configurable logging and retention windows. Data deletion on request.
Compliance posture
We are building toward formal certifications. We do not yet hold SOC 2 or ISO 27001. This section will be updated as our compliance posture evolves.
Responsible disclosure
Report vulnerabilities to security@phantombrowser.com. We commit to acknowledging reports within 48 hours, providing safe harbor for good-faith research, and publishing fixes transparently.
Subprocessors
A current list of subprocessors is maintained and available on request. Contact security@phantombrowser.com for the latest version.
Questions about security? Reach us at security@phantombrowser.com or visit our contact page.